summaryrefslogtreecommitdiffstats
path: root/modules/freetype2/src/tools/ftfuzzer
diff options
context:
space:
mode:
Diffstat (limited to 'modules/freetype2/src/tools/ftfuzzer')
-rw-r--r--modules/freetype2/src/tools/ftfuzzer/README12
-rw-r--r--modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc100
-rw-r--r--modules/freetype2/src/tools/ftfuzzer/ftmutator.cc2
-rw-r--r--modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc2
-rw-r--r--modules/freetype2/src/tools/ftfuzzer/runinput.cc2
5 files changed, 81 insertions, 37 deletions
diff --git a/modules/freetype2/src/tools/ftfuzzer/README b/modules/freetype2/src/tools/ftfuzzer/README
index c16b7e94e..09d8e9f32 100644
--- a/modules/freetype2/src/tools/ftfuzzer/README
+++ b/modules/freetype2/src/tools/ftfuzzer/README
@@ -6,7 +6,7 @@ ftfuzzer.cc
-----------
This file contains a target function for FreeType fuzzing. It can be
-used with libFuzzer (http://llvm.org/docs/LibFuzzer.html) or
+used with libFuzzer (https://llvm.org/docs/LibFuzzer.html) or
potentially any other similar fuzzer.
Usage:
@@ -20,7 +20,7 @@ Usage:
-fsanitize=address,signed-integer-overflow,shift
You also need the header files from the `libarchive' library
- (http://www.libarchive.org/) for handling tar files (see file
+ (https://www.libarchive.org/) for handling tar files (see file
`ftmutator.cc' below for more).
2. Link with `libFuzzer' (it contains `main') and `libarchive'.
@@ -29,10 +29,14 @@ Usage:
The exact flags and commands may vary.
+ https://github.com/google/oss-fuzz/tree/master/projects/freetype2
There is a continuous fuzzing bot that runs ftfuzzer.
- https://github.com/google/libfuzzer-bot/tree/master/freetype
+ https://oss-fuzz.com
+
+(You need an account to be able to see coverage reports and the like
+on oss-fuzz.com.)
Check the bot configuration for the most current settings.
@@ -64,7 +68,7 @@ a convenience `main' function. Link it with `ftfuzzer.cc',
----------------------------------------------------------------------
-Copyright 2015-2016 by
+Copyright 2015-2018 by
David Turner, Robert Wilhelm, and Werner Lemberg.
This file is part of the FreeType project, and may only be used,
diff --git a/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc b/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc
index 31834a5f9..acf2bc982 100644
--- a/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/ftfuzzer.cc
@@ -2,7 +2,7 @@
//
// A fuzzing function to test FreeType with libFuzzer.
//
-// Copyright 2015-2016 by
+// Copyright 2015-2018 by
// David Turner, Robert Wilhelm, and Werner Lemberg.
//
// This file is part of the FreeType project, and may only be used,
@@ -43,8 +43,7 @@
#include FT_OUTLINE_H
#include FT_BBOX_H
#include FT_MODULE_H
-#include FT_CFF_DRIVER_H
-#include FT_TRUETYPE_DRIVER_H
+#include FT_DRIVER_H
#include FT_MULTIPLE_MASTERS_H
@@ -61,7 +60,7 @@
return;
// try to activate Adobe's CFF engine; it might not be the default
- unsigned int cff_hinting_engine = FT_CFF_HINTING_ADOBE;
+ unsigned int cff_hinting_engine = FT_HINTING_ADOBE;
FT_Property_Set( library,
"cff",
"hinting-engine", &cff_hinting_engine );
@@ -76,7 +75,7 @@
FT_Global global_ft;
- // We want to select n values at random (without repitition),
+ // We want to select n values at random (without repetition),
// with 0 < n <= N. The algorithm is taken from TAoCP, Vol. 2
// (Algorithm S, selection sampling technique)
struct Random
@@ -270,11 +269,20 @@
long num_faces = face->num_faces;
FT_Done_Face( face );
- // loop over all faces
- for ( long face_index = 0;
- face_index < num_faces;
- face_index++ )
+ // loop over up to 20 arbitrarily selected faces
+ // from index range [0;num-faces-1]
+ long max_face_cnt = num_faces < 20
+ ? num_faces
+ : 20;
+
+ Random faces_pool( (int)max_face_cnt, (int)num_faces );
+
+ for ( long face_cnt = 0;
+ face_cnt < max_face_cnt;
+ face_cnt++ )
{
+ long face_index = faces_pool.get() - 1;
+
// get number of instances
if ( FT_New_Memory_Face( library,
files[0].data(),
@@ -285,17 +293,41 @@
long num_instances = face->style_flags >> 16;
FT_Done_Face( face );
- // load face with and without instances
- for ( long instance_index = 0;
- instance_index < num_instances + 1;
- instance_index++ )
+ // loop over the face without instance (index 0)
+ // and up to 20 arbitrarily selected instances
+ // from index range [1;num_instances]
+ long max_instance_cnt = num_instances < 20
+ ? num_instances
+ : 20;
+
+ Random instances_pool( (int)max_instance_cnt, (int)num_instances );
+
+ for ( long instance_cnt = 0;
+ instance_cnt <= max_instance_cnt;
+ instance_cnt++ )
{
- if ( FT_New_Memory_Face( library,
- files[0].data(),
- (FT_Long)files[0].size(),
- ( instance_index << 16 ) + face_index,
- &face ) )
- continue;
+ long instance_index = 0;
+
+ if ( !instance_cnt )
+ {
+ if ( FT_New_Memory_Face( library,
+ files[0].data(),
+ (FT_Long)files[0].size(),
+ face_index,
+ &face ) )
+ continue;
+ }
+ else
+ {
+ instance_index = instances_pool.get();
+
+ if ( FT_New_Memory_Face( library,
+ files[0].data(),
+ (FT_Long)files[0].size(),
+ ( instance_index << 16 ) + face_index,
+ &face ) )
+ continue;
+ }
// if we have more than a single input file coming from an archive,
// attach them (starting with the second file) using the order given
@@ -314,19 +346,24 @@
FT_Attach_Stream( face, &open_args );
}
- // loop over an arbitrary size for outlines (index 0)
- // and up to ten arbitrarily selected bitmap stroke sizes (index 1-10)
- int max_idx = face->num_fixed_sizes < 10
- ? face->num_fixed_sizes
- : 10;
+ // loop over an arbitrary size for outlines
+ // and up to ten arbitrarily selected bitmap strike sizes
+ // from the range [0;num_fixed_sizes - 1]
+ int max_size_cnt = face->num_fixed_sizes < 10
+ ? face->num_fixed_sizes
+ : 10;
- Random pool( max_idx, face->num_fixed_sizes );
+ Random sizes_pool( max_size_cnt, face->num_fixed_sizes );
- for ( int idx = 0; idx <= max_idx; idx++ )
+ for ( int size_cnt = 0;
+ size_cnt <= max_size_cnt;
+ size_cnt++ )
{
FT_Int32 flags = load_flags;
- if ( !idx )
+ int size_index = 0;
+
+ if ( !size_cnt )
{
// set up 20pt at 72dpi as an arbitrary size
if ( FT_Set_Char_Size( face, 20 * 64, 20 * 64, 72, 72 ) )
@@ -335,17 +372,20 @@
}
else
{
- // bitmap strokes are not active for glyph variations
+ // bitmap strikes are not active for font variations
if ( instance_index )
continue;
- if ( FT_Select_Size( face, pool.get() - 1 ) )
+ size_index = sizes_pool.get() - 1;
+
+ if ( FT_Select_Size( face, size_index ) )
continue;
flags |= FT_LOAD_COLOR;
}
// test MM interface only for a face without a selected instance
- if ( instance_index == 0 )
+ // and without a selected bitmap strike
+ if ( !instance_index && !size_cnt )
setIntermediateAxis( face );
// loop over all glyphs
diff --git a/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc b/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc
index 4818450aa..ae4b14040 100644
--- a/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/ftmutator.cc
@@ -2,7 +2,7 @@
//
// A custom fuzzer mutator to test for FreeType with libFuzzer.
//
-// Copyright 2015-2016 by
+// Copyright 2015-2018 by
// David Turner, Robert Wilhelm, and Werner Lemberg.
//
// This file is part of the FreeType project, and may only be used,
diff --git a/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc b/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
index 05187b0be..c69b95ea0 100644
--- a/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/rasterfuzzer.cc
@@ -2,7 +2,7 @@
//
// A fuzzing function to test FreeType's rasterizers with libFuzzer.
//
-// Copyright 2016 by
+// Copyright 2016-2018 by
// David Turner, Robert Wilhelm, and Werner Lemberg.
//
// This file is part of the FreeType project, and may only be used,
diff --git a/modules/freetype2/src/tools/ftfuzzer/runinput.cc b/modules/freetype2/src/tools/ftfuzzer/runinput.cc
index d5f9f1587..2b02f5758 100644
--- a/modules/freetype2/src/tools/ftfuzzer/runinput.cc
+++ b/modules/freetype2/src/tools/ftfuzzer/runinput.cc
@@ -2,7 +2,7 @@
//
// A `main' function for fuzzers like `ftfuzzer.cc'.
//
-// Copyright 2015-2016 by
+// Copyright 2015-2018 by
// David Turner, Robert Wilhelm, and Werner Lemberg.
//
// This file is part of the FreeType project, and may only be used,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 16:35:39 +0000